CLAIMS 



What is claimed is: 



1. A method comprising:

receiving a packet at a network device, the packet including a header and a
payload;

tagging the packet, by a first packet-processing application of a plurality of
packet-processing applications, with a cache lookup key based upon
original contents of the header, the cache lookup key indicating where in a
unified cache a cache entry corresponding to the packet will be stored; and

those of the plurality of packet-processing applications attempting to access the
cache entry from the unified cache subsequent to the tagging by the first
packet-processing application using the cache lookup key rather than
generating a new cache lookup key based upon current contents of the
header.

2. The method of claim 1, wherein said tagging the packet with a cache lookup key
comprises populating a lookup key field of an internal packet descriptor
corresponding to the packet with a hash value.

3. The method of claim 2, wherein the packet comprises an Internet Protocol (IP)
packet and the cache lookup key is based upon a source IP address of the header, a
destination IP address of the header, a source port of the header, a destination port
of the header, and a protocol value in the header.

4. The method of claim 1, wherein the plurality of packet-processing applications
includes applying one or more of Network Address Translation (NAT), packet
filtering, and packet routing.

5. The method of claim 4, wherein the plurality of packet-processing applications are
distributed among two or more processors of the network device.

6. The method of claim 1, wherein the first packet-processing application comprises
a NAT process that modifies the header of the packet, and wherein the method 
further comprises the NAT process initiating a second packet-processing 
application of the plurality of packet-processing applications and providing the 
tagged packet to the second packet-processing application. 

7. The method of claim 6, further comprising the second packet-processing 
application updating the cache entry with information specific to the second 
packet-processing application by using the cache lookup key to access the cache 
entry. 



Docket No. 42390.12323 
Express Mail No. EL886506972US 



8. A method comprising the steps of: 

a step for determining whether a cache lookup key is present in a packet descriptor 
associated with a received packet; 

a step for performing a lookup in a unified cache with the cache lookup key if it is 
determined that the cache lookup key is present in the packet descriptor; 

a step for creating a new cache entry in the unified cache based upon information 
in a header of the received packet and tagging the packet if it is determined 
that the cache lookup key is not present in the packet descriptor or the 
lookup does not locate an appropriate existing cache entry; and 

a step for updating an existing cache entry with module-specific information. 

9. The method of claim 8, wherein the unified cache is implemented as a hash table 
and tagging the packet comprises generating a hash value based upon at least a 
source address and a destination address in the header and storing the hash value 
in the packet descriptor. 

10. The method of claim 8, wherein the unified cache is utilized by a plurality of
distributed packet-processing tasks including Network Address Translation
(NAT), packet filtering, and packet forwarding.

11. The method of claim 8, a step for conveying the cache lookup key from the NAT
packet-processing task to the packet filtering packet-processing task.
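
The lookup flow of claims 8 to 11, together with the tag-once behaviour of claim 1, as an added C sketch that is not part of the patent text. The struct layout, the FNV-1a hash, the 256-slot table and all function names are assumptions; the descriptor key is range-checked before it indexes the table because later modules trust it instead of rehashing the translated header.

```c
#include <stdint.h>
#include <string.h>

#define SLOTS  256u
#define NO_KEY UINT32_MAX   /* descriptor not tagged yet */
struct hdr   { uint32_t src, dst; uint16_t sport, dport; uint8_t proto; };
struct desc  { struct hdr h; uint32_t key; };   /* internal packet descriptor */
struct entry { int used; struct hdr orig; uint32_t nat_dst; int verdict, out_if; };
static struct entry cache[SLOTS];               /* the unified cache */

/* FNV-1a over the 5-tuple; the hash function is an assumption of this sketch. */
static uint32_t hash5(const struct hdr *h) {
    uint32_t v[4] = { h->src, h->dst, ((uint32_t)h->sport << 16) | h->dport, h->proto };
    const unsigned char *p = (const unsigned char *)v;
    uint32_t x = 2166136261u;
    for (size_t i = 0; i < sizeof v; i++) { x ^= p[i]; x *= 16777619u; }
    return x % SLOTS;
}
static int same(const struct hdr *a, const struct hdr *b) {
    return a->src == b->src && a->dst == b->dst && a->sport == b->sport &&
           a->dport == b->dport && a->proto == b->proto;
}
/* Claim 8: use the tagged key if present, otherwise create an entry and tag. */
static struct entry *get_entry(struct desc *d) {
    if (d->key < SLOTS && cache[d->key].used)   /* range check also rejects NO_KEY */
        return &cache[d->key];                  /* tagged: header is never rehashed */
    uint32_t k = hash5(&d->h);                  /* untagged: header is still original */
    struct entry *e = &cache[k];
    if (!e->used || !same(&e->orig, &d->h)) {   /* empty slot or collision: new flow */
        memset(e, 0, sizeof *e);
        e->used = 1; e->orig = d->h;
    }
    d->key = k;                                 /* tag the descriptor */
    return e;
}
static void nat(struct desc *d, uint32_t new_dst) {
    get_entry(d)->nat_dst = new_dst;
    d->h.dst = new_dst;                         /* header now differs from the hashed one */
}
static void filter(struct desc *d, int verdict) { get_entry(d)->verdict = verdict; }
static void forward(struct desc *d, int out_if) { get_entry(d)->out_if = out_if; }
/* Returns 1 when NAT, filtering and forwarding all updated the same entry. */
int demo_shared_entry(void) {
    struct desc d = { { 0x0a000001u, 0xcb007105u, 40000, 80, 6 }, NO_KEY };  /* constructed packet */
    uint32_t k0 = hash5(&d.h);
    nat(&d, 0xc0a80114u); filter(&d, 1); forward(&d, 2);
    const struct entry *e = &cache[k0];
    return d.key == k0 && e->nat_dst == 0xc0a80114u && e->verdict == 1 && e->out_if == 2;
}
int main(void) { return demo_shared_entry() ? 0 : 1; }
```
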
12. A network device comprising:

a plurality of incoming interfaces upon which Internet Protocol (IP) packets are
received;

a plurality of unified caches, each unified cache of the plurality of unified caches
associated with a corresponding incoming interface of the plurality of
incoming interfaces;

a Network Address Translation (NAT) module coupled to each of the plurality of
interfaces and to each of the plurality of unified caches to translate one or
more addresses in headers of received IP packets in accordance with a
plurality of NAT rules stored in a NAT rule table, tag the received IP
packets with cache lookup keys for the unified cache associated with the
incoming interface upon which they are received, and insert new cache
entries into the unified caches as new packet flows are detected;

a filtering module coupled to each of the plurality of unified caches and to the
NAT module to receive tagged IP packets from the NAT module, perform
packet filtering in accordance with a plurality of filtering rules stored in a
filter rule table, and to access and update existing cache entries in the
unified caches using the cache lookup keys added by the NAT module;
and

a forwarding module coupled to each of the plurality of unified caches and to the
filtering module to receive tagged IP packets from the filtering module,
perform packet forwarding in accordance with a plurality of forwarding
rules stored in a routing table, and to access and update existing cache
entries in the unified caches using the cache lookup keys added by the
NAT module.

13. The network device of claim 12, wherein the network device is a router.

14. The network device of claim 12, wherein the network device is a switch.

15. The network device of claim 12, wherein the NAT module, the filtering module,
and the forwarding module are distributed among a plurality of processors.

16. The network device of claim 15, wherein the NAT module, the filtering module,
and the forwarding module operate in the absence of a cache synchronization
protocol by performing lookups in the plurality of unified caches using cache
lookup keys stored within internal packet descriptors associated with the received
IP packets.

17. A network device comprising:

a plurality of incoming interface means upon which Internet Protocol (IP) packets
are received;

a plurality of unified cache means, each associated with a corresponding incoming
interface of the plurality of incoming interfaces, for storing recently used
packet forwarding information;

a Network Address Translation (NAT) means, coupled to each of the plurality of
interface means and to each of the plurality of unified cache means, for
translating one or more addresses in headers of received IP packets in
accordance with a plurality of NAT rules stored in a NAT rule table,
tagging the received IP packets with cache lookup keys for the unified
cache means associated with the incoming interface means upon which
they are received, and inserting new cache entries into the unified cache
means as new packet flows are detected;

a packet filtering means, coupled to each of the plurality of unified cache means
and to the NAT means, for receiving tagged IP packets from the NAT
means, performing packet filtering in accordance with a plurality of
filtering rules stored in a filter rule table, and for accessing and updating
existing cache entries in the unified cache means using the cache lookup
keys added by the NAT means; and

a packet forwarding means, coupled to each of the plurality of unified cache
means and to the packet filtering means, for receiving tagged IP packets
from the packet filtering means, performing packet forwarding in
accordance with a plurality of forwarding rules stored in a routing table,
and for accessing and updating existing cache entries in the unified cache
means using the cache lookup keys added by the NAT means.

18. The network device of claim 17, wherein the network device is a router.

19. The network device of claim 17, wherein the network device is a switch.

20. The network device of claim 17, wherein the NAT means, the packet filtering
means, and the packet forwarding means are distributed among a plurality of
processors.

21. The network device of claim 20, wherein the NAT means, the packet filtering
means, and the packet forwarding means operate in the absence of a cache
synchronization protocol by performing lookups in the plurality of unified cache
means using cache lookup keys stored within internal packet descriptors
associated with the received IP packets.

22. A machine-readable medium having stored thereon data representing instructions
that, if executed by one or more processors of a network device, cause the one or
more processors to:

receive a packet including a header and a payload;

tag the packet, by a first packet-processing application of a plurality of
packet-processing applications, with a cache lookup key based upon original
contents of the header, the cache lookup key indicating where in a unified
cache a cache entry corresponding to the packet will be stored; and

use the cache lookup key rather than generating a new cache lookup key based
upon current contents of the header by those of the plurality of
packet-processing applications attempting to access the cache entry from the
unified cache subsequent to the tagging by the first packet-processing
application.

23. The machine-readable medium of claim 22, wherein tagging the packet with a
cache lookup key comprises populating a lookup key field of an internal packet
descriptor corresponding to the packet with a hash value.

24. The machine-readable medium of claim 22, wherein the packet comprises an
Internet Protocol (IP) packet and the cache lookup key is based upon a source IP
address of the header, a destination IP address of the header, a source port of the
header, a destination port of the header, and a protocol value in the header.

25. The machine-readable medium of claim 22, wherein the plurality of
packet-processing applications includes applying one or more of Network Address
Translation (NAT), packet filtering, and packet routing.

26. The machine-readable medium of claim 22, wherein the plurality of
packet-processing applications are distributed among at least two processors of the
network device.

27. The machine-readable medium of claim 26, wherein the plurality of
packet-processing applications include Network Address Translation (NAT), packet
filtering, and packet forwarding.

28. The machine-readable medium of claim 22, wherein the first packet-processing
application comprises a NAT process that modifies the header of the packet,
wherein the instructions further cause the one or more processors to:

provide the tagged packet to a second packet-processing application of the
plurality of packet-processing applications; and

initiate the second packet-processing application of the plurality of
packet-processing applications subsequent to the NAT process.

29. The machine-readable medium of claim 28, wherein the first packet-processing
application comprises a NAT process that modifies the header of the packet,
wherein the instructions further cause the one or more processors to:

access the cache entry, from the second packet-processing application, by using
the cache lookup key; and

update the cache entry, by the second packet-processing application, with
information specific to the second packet-processing application.

30. The machine-readable medium of claim 22, wherein the unified cache is
implemented as a hash table and tagging the packet comprises generating a hash
value based upon at least a source address and a destination address in the header
and storing the hash value in the packet descriptor.

31. The machine-readable medium of claim 22, wherein the network device
comprises a router.

32. The machine-readable medium of claim 22, wherein the network device
comprises a switch.